Run a free scan on your website

How does it work?

Our automated scan checks for vulnerabilities in every nook and cranny of your website. Using the same techniques as malicious hackers, we systematically test all the access points, giving you step-by-step instructions on how to eliminate any threat.

What does it find?

Our scan first checks your website for the OWASP Top 10 Web Application Security Risks. We then check your site for other known security holes. Since our scanner is constantly being updated, you can rest assured that you are protected against the latest threats. We regularly incorporate new tests and consistently score higher than any other scanner on open-source benchmarks.

Clean Technical Info

Security doesn't have to be difficult. We provide you with clean technical information so you can easily find each vulnerability and fix them quickly.

Digestible Data

We give you a clean overview of your website's security health and vulnerabilities. You shouldn't have to run analytics to understand our results.

Actionable Results

Security doesn't have to be difficult. We provide you with clean technical information so you can easily find each vulnerability and fix them quickly.

5 Minute Setup

Why spend days integrating a security tool? Our easy integrations and simple setup help you start scanning in 5 minutes.

Issue Tracker Integrations

Developers should never have to add a new burden to their process. We’ll push vulnerabilities right into their issue tracker, like JIRA, with a few clicks.

One Click Everything

Replay attacks and rescan vulnerabilities with one click. Immediate feedback will show you how a vulnerability affects your site and if you’ve fixed it!

Continuous Security

Use our API to integrate Tinfoil into your current continuous integration or security process. We’ll scan each time a new version of your site is deployed!

Authenticated Scanning

We can log into any website - including SAML / Single Sign-On authenticated sites! We've done crazy, custom schemes too.